OS X: Web Filtering with OpenDNS

If you’re concerned about what your kids might be running across while they’re browsing the Internet, you’re definitely not alone. Your Mac has some built-in tools to deal with the problem; however, I find the Web filter within OS X’s parental controls to be…not great. In my experience, it often blocks legitimate sites and is a bit frustrating to use (having to enter your administrator password five times a day so your kid can access a site is less than fun). The solution I prefer is using the OpenDNS FamilyShield service to automatically filter all Internet activity.

Here’s how it works: The DNS (Domain Name System) is essentially the phone book of the Internet. You type “apple.com” into your browser, and DNS translates that into the numerical IP address needed to take you right where you’re looking to go.

OpenDNS maintains a list of sites and categories that parents might want to filter out. To take advantage of their service, you'll replace whatever is currently providing your DNS with their servers. Doing so means that your kid won’t be able to access anything OpenDNS blocks, unless he's really savvy and is the administrator on his machine. I’ve found it works pretty darned well, too. The basic service, which I’m going to walk through here, is free to use. With their paid service ($19.95 per year), you’ll get more control over what categories you block, and you’ll also be able to track Internet usage if you want to.

So there are two ways you can configure FamilyShield. If you set it up on your router—which sounds complicated but is really pretty easy—the changes will affect every single device that connects to your network. For those instructions, start on the OpenDNS “choose your router” page to walk through the steps.

If your child only has one Mac, though, it might be easier to just cut off his or her personal link to the bad stuff by configuring OpenDNS only on that machine. That way, the adults in the house aren’t affected by the filter. To do that, go to System Preferences> Network on your kid’s Mac. If you're logged in under the child's account, you'll need to click the lock in the lower left and enter your administrator name and password to make changes; again, be sure that your kid doesn't know that information, or he'll be able to switch things back. Anyway, once you're there, click on your network connection in the left-hand list to select it. The active network connection, almost always either Wi-Fi or Ethernet, will have a green dot.

Then click on the "Advanced" button in the lower right. When you do so, you’ll see a bunch of tabs pop up, and if you’re not familiar with networking, they may look cryptic. Unsurprisingly, though, we’re gonna choose the “DNS” one.

Then all you’ve gotta do is click the plus button at the lower left (underneath the “DNS Servers” box) and add in the following two numbers: 208.67.222.123 and 208.67.220.123.

Click OK, and then when it takes you back out to the main Network Preferences page, click Apply. If your kid also uses an additional method for connecting to the Internet (such as Ethernet if you just configured Wi-Fi, for example, or vice versa), you’ll click on that service from the left-hand list and follow the same procedure again.

That’s all there is to it! Wondering what your kid’ll see when he attempts to visit a blocked site? This warning will show up in his browser:

I visited that site for science, I swear.

There are a few downsides to this method, most notably that it doesn’t protect your kiddo on any other Internet-connected devices (like gaming consoles), so if your child has multiple ways to access the Internet, following the router instructions above might be the way to go. Otherwise, this is a five-minute way to block out some of the less-than-savory elements online. No method is perfect, of course, but unless you’re willing to sit in front of the computer with little Johnny or Janie for every second, you've just gotta do what you can.